@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 19
May 6, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

- Category
- # of Updates & Vulnerabilities
- @RISK is the SANS community's consensus bulletin summarizing the most
- important vulnerabilities and exploits identified during the past week
- and providing guidance on appropriate actions to protect your systems
- (PART I). It also includes a comprehensive list of all new
- vulnerabilities discovered in the past week (PART II).
- Summary of Updates and Vulnerabilities in this Consensus
- Platform Number of Updates and Vulnerabilities
- - ------------------------ -------------------------------------
- Other Microsoft Products
- 2
- Third Party Windows Apps
- 15
- Linux
- 2
- BSD
- 1
- Cross Platform
- 24 (#1, #2)
- Web Application - Cross Site Scripting 11
- Web Application - SQL Injection 27
- Web Application
- 35
- Network Device
- 2

********************* Sponsored By Oracle ***********************

REGISTER NOW FOR THE UPCOMING WEBCAST: Simplifying Fine-Grained Security for Enterprise Applications with Entitlements Management. Sponsored By: Oracle

http://www.sans.org/info/58748

****************************************************************** TRAINING UPDATE

-- SANS Security West 2010, San Diego, May 7-15, 2010 23 courses. Bonus evening presentations include Killer Bee: Exploiting ZigBee and the Kinetic World

http://www.sans.org/security-west-2010/

-- SANSFIRE 2010, Baltimore, June 6-14, 2010 38 courses. Bonus evening presentations include Software Security Street Fighting Style and The Verizon Data Breach Investigations Report

http://www.sans.org/sansfire-2010/

-- SANS Secure Europe Amsterdam 2010, June 21-July 3, 2010 8 courses.

http://www.sans.org/secure-amsterdam-2010/

-- SANS Rocky Mountain 2010, Denver, July 12-17, 2010 8 courses. Bonus evening presentations include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat

http://www.sans.org/rocky-mountain-2010/

-- SANS Boston 2010, August 2-8, 2010 11 courses. Special Events include Rapid Response Security Strategy Competition

http://www.sans.org/boston-2010/

-- SANS Network Security 2010, Las Vegas, September 19-27, 2010 39 courses.

http://www.sans.org/network-security-2010/

Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/spring09.php

Plus Geneva, Toronto, Singapore and Canberra all in the next 90 days.

For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

*************************************************************************

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

(1) HIGH: Adobe Photoshop TIFF Processing Buffer Overflow Vulnerabilities (apsb10-10)
(2) MODERATE: Internet Download Manager FTP Buffer Overflow Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

*************************** Sponsored Link: ******************************

1) The 2010 SANS What Works in Penetration Testing & Vulnerability Assessment Summit features an agenda loaded with brand-new talks from the best penetration testers and vulnerability assessment leaders in the world. http://www.sans.org/info/58753

*************************************************************************

PART I Critical Vulnerabilities

PART I Critical Vulnerabilities Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software

(1) HIGH: Adobe Photoshop TIFF Processing Buffer Overflow Vulnerabilities (apsb10-10)
Affected:
- Adobe Photoshop CS4 version 11.0.0
Description: Adobe Photoshop is a popular image editing software developed by Adobe Systems. Multiple vulnerabilities have been identified in Adobe Photoshop Creative Suite (CS) 4 editions. The issues are caused by unspecified errors in the way Adobe Photoshop CS4 processes TIFF files. A specially crafted TIFF file, when opened by an unsuspecting user in Photoshop CS4, will trigger these vulnerabilities. Successful exploitation might allow an attacker to execute arbitrary code with the privileges of the affected application. No technical details are provided for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
- Adobe Security Advisory
- http://www.adobe.com/support/security/bulletins/apsb10-10.html
- Wikipedia Article on Adobe Photoshop
- http://en.wikipedia.org/wiki/Adobe_Photoshop
- Product Home Page
- http://www.adobe.com/products/photoshop/index.html
- SecurityFocus BID
- http://www.securityfocus.com/bid/39849

(2) MODERATE: Internet Download Manager FTP Buffer Overflow Vulnerability
Affected:
- Internet Download Manager 5.18
Description: Internet Download Manager (IDM) is a tool to handle internet browser downloads and increase download speeds. A buffer overflow vulnerability has been identified in Internet Download Manager. The issue is caused by an error in the way affected application sends certain test sequences to an FTP server. In order to exploit this vulnerability an unsuspecting user will have to be enticed into downloading a file from a specially crafted FTP URI. Successful exploitation might allow an attacker to execute arbitrary code in the context of the logged on user. Some technical details for the vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
- Secunia Research Security Advisory
- http://secunia.com/secunia_research/2010-62/
- Wikipedia Article on Internet Download Manager
- http://en.wikipedia.org/wiki/Internet_Download_Manager
- Vendor Home Page
- http://www.internetdownloadmanager.com/
- SecurityFocus BID
- http://www.securityfocus.com/bid/39822

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 19, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) Week 19, 2010 This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9328 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

10.19.1 - CVE: CVE-2010-1690
Platform: Other Microsoft Products
Title: Microsoft Windows SMTP Server DNS Response Field Validation DNS Spoofing
Description: Microsoft Windows Simple Mail Transfer Protocol Server is an email transport service included in email services and Microsoft Internet Information Services. The Microsoft Windows Simple Mail Transfer Protocol Server is exposed to a DNS spoofing issue.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx

10.19.2 - CVE: CVE-2010-1689
Platform: Other Microsoft Products
Title: Microsoft Windows SMTP Server Insufficient Query ID Randomization DNS Spoofing
Description: Microsoft Windows Simple Mail Transfer Protocol Server is an email transport service included in email services and Microsoft Internet Information Services. The Microsoft Windows Simple Mail Transfer Protocol Server is exposed to a DNS spoofing issue.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx

10.19.3 - CVE: Not Available
Platform: Third Party Windows Apps
Title: Serenity Audio Player ".m3u" File Buffer Overflow
Description: Serenity Audio Player is a multimedia player available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".m3u" file. Serenity Audio Player version 3.2.3 is affected.
Ref: http://www.securityfocus.com/bid/39768

10.19.4 - CVE: Not Available
Platform: Third Party Windows Apps
Title: WebMoney Advisor "wmadvisor.dll" ActiveX Control Buffer Overflow
Description: WebMoney Advisor is a client application for WebMoney Transfer. WebMoney Advisor is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs in the "wmadvisor.dll" ActiveX control when processing an overly long argument to the "Redirect()" method.
Ref: http://support.microsoft.com/kb/240797

10.19.5 - CVE: Not Available
Platform: Third Party Windows Apps
Title: Multiple Optimalaccess Products Stack-Based Buffer Overflow
Description: Optimalaccess' Optimal Archive and Optimal Desktop are archiving applications available for the Windows operating system. Optimal Archive and Optimal Desktop Archive are exposed to a stack-based buffer overflow issue because they fail to perform adequate boundary checks on user-supplied data.
Ref: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-017-op
timal-archive-1.38/

10.19.6 - CVE: Not Available
Platform: Third Party Windows Apps
Title: CompleteFTP Directory Traversal
Description: CompleteFTP is a Windows-based FTP server. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory traversal strings from user-supplied commands. CompleteFTP version 3.3.0 is affected.
Ref: http://www.securityfocus.com/bid/39802

10.19.7 - CVE: Not Available
Platform: Third Party Windows Apps
Title: Stud_PE ".exe." File Remote Stack Buffer Overflow
Description: Stud_PE is a portable executables (.exe) viewer/editor. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when parsing function names contained in a specially crafted executable file. Stud_PE version 2.6.0.5 is affected.
Ref: http://www.securityfocus.com/bid/39811

10.19.8 - CVE: Not Available
Platform: Third Party Windows Apps
Title: Xilisoft Blackberry Ring Tone Maker ".wma" File Stack Buffer Overflow
Description: Xilisoft Blackberry Ring Tone Maker is a media file converter for Microsoft Windows. The application is exposed to a stack based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, the issue occurs when parsing a specially crafted ".wma" file. Blackberry Ring Tone Maker version 1.0.12 build-0326 is affected.
Ref: http://www.securityfocus.com/bid/39826

10.19.9 - CVE: Not Available
Platform: Third Party Windows Apps
Title: Mini-stream Software Mini-stream Ripper ".smi" File Remote Stack Buffer Overflow
Description: Mini-stream Software Mini-stream Ripper is a multimedia application for Microsoft Windows platforms. Mini-stream Software Mini-stream Ripper is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Mini-stream Ripper version 3.1.0.8 is affected.
Ref: http://www.securityfocus.com/bid/39828

10.19.10 - CVE: Not Available
Platform: Third Party Windows Apps
Title: Alt-N MDaemon SUBSCRIBE Remote Information Disclosure
Description: MDaemon is an email server for Windows platforms. MDaemon is exposed to an information disclosure issue because it fails to sufficiently sanitize user-supplied input. Specifically, the application fails to sanitize directory traversal strings in the "SUBSCRIBE" command. MDaemon version 11.0.1 is affected.
Ref: http://www.securityfocus.com/bid/39859

10.19.11 - CVE: Not Available
Platform: Third Party Windows Apps
Title: Urgent Backup and ABC Backup ZIP File Remote Buffer Overflow
Description: Urgent Backup and ABC Backup are system backup utilities that use the ZIP file format for compression and extraction. The applications are exposed to a remote buffer overflow issue because they fail to perform adequate boundary checks on user-supplied data.ABC Backup 5.50, ABC Backup Pro 5.20 and Urgent Backup 3.20 are affected.
Ref: http://www.securityfocus.com/bid/39876

10.19.12 - CVE: Not Available
Platform: Third Party Windows Apps
Title: MakeitOne Media Player ".m3u" File Remote Stack Buffer Overflow
Description: MakeitOne Media Player is a DirectShow based media player. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user supplied input.
Ref: http://www.securityfocus.com/bid/39881

10.19.13 - CVE: Not Available
Platform: Third Party Windows Apps
Title: TFTPUtil GUI Long Transport Mode Buffer Overflow
Description: TFTPUtil GUI is a trivial file transfer protocol (TFTP) program for Windows platforms. The application is exposed to a buffer overflow issue because it fails to properly validate an overly long transport mode string. TFTPUtil GUI version 1.4.5 is affected.
Ref: http://www.securityfocus.com/bid/39872

10.19.14 - CVE: Not Available
Platform: Third Party Windows Apps
Title: ddrLPD Remote Denial of Service
Description: ddrLPD is a Line Printer Daemon application for Windows platforms. The application is exposed to a remote denial of service issue because it fails to properly validate user supplied data. ddrLPD version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/39904

10.19.15 - CVE: CVE-2010-1681
Platform: Third Party Windows Apps
Title: Microsoft Visio "DXF" File Insertion Buffer Overflow
Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. Visio is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied data.
Ref: http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow

2009-2261 - CVE: CVE
Platform: Third Party Windows Apps
Title: PeaZip Remote ".Zip" Arbitrary Command Execution
Description: PeaZip is an archiving application implemented in RB. PeaZip is exposed to an arbitrary command execution issue because the application fails to properly sanitize user-supplied input. PeaZip version 2.6.1 is affected.
Ref: http://www.securityfocus.com/bid/39906

10.19.17 - CVE: Not Available
Platform: Third Party Windows Apps
Title: AVS DVD Authoring ".mp3" File Remote Buffer Overflow
Description: AVS DVD Authoring is a disc authoring and burning application. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. AVS DVD Authoring version 1.3.3.51 is affected.
Ref: http://www.securityfocus.com/bid/39914

10.19.18 - CVE: CVE-2010-1173
Platform: Linux
Title: Linux Kernel "sctp_process_unk_param()" Remote Denial of Service
Description: The Linux kernel is exposed to a remote denial of service issue because it fails to properly handle user-supplied input. This issue occurs because of an error in the "sctp_process_unk_param()" function.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1173

10.19.19 - CVE: Not Available
Platform: Linux
Title: Linux Kernel for PowerPC KGDB "_PAGE_USER" Test Local Privilege Escalation
Description: The Linux kernel is exposed to a local privilege escalation issue because it fails to properly check if pages are within kernel memory space. Specifically, if KGDB is enabled, "_PAGE_USER" tests are bypassed. This issue affects the "arch/powerpc/mm/fsl_booke_mmu.c" and "arch/powerpc/mm/ppc_mmu_32.c" source code files.
Ref: http://comments.gmane.org/gmane.comp.security.oss.general/2861

10.19.20 - CVE: Not Available
Platform: BSD
Title: NetBSD amd64 NX Bit Disabling Weakness
Description: NetBSD is exposed to a weakness that may cause the NX bit under amd64 to be disabled. Specifically the issue exists in "init_x86_64()" and occurs because the value of the NX bit is erased by a call to "cpu_probe()". NetBSD-current and NetBSD versions 5.0 and above are affected.
Ref: http://www.securityfocus.com/bid/39751

10.19.21 - CVE: CVE-2010-0991
Platform: Cross Platform
Title: imlib2 "src/lib/image.h" Remote Buffer Overflow
Description: imlib2 is a library to process images. The library is exposed to a heap-based buffer overflow issue that occurs when an application using the affected library processes specially crafted ARGB, XPM or BMP image files. Specifically the issue exists due to a logical error in the "IMAGE_DIMENSIONS_OK()" macro of the "src/lib/image.h" file. imlib2 version 1.4.3 is affected.
Ref: http://secunia.com/secunia_research/2010-54/

10.19.22 - CVE: Not Available
Platform: Cross Platform
Title: Elastix "id_nodo" Parameter Local File Include
Description: Elastix is an open source PBX application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "id_nodo" parameter of the "help/frameRight.php" script. Elastix version 1.6.0 is affected.
Ref: http://www.securityfocus.com/bid/39610

10.19.23 - CVE: Not Available
Platform: Cross Platform
Title: Wing FTP Server HTTP Request Directory Traversal
Description: Wing FTP Server is an FTP server application. The server is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to an unspecified HTTP request. Wing FTP Server version 3.4.3 is affected.
Ref: http://www.securityfocus.com/bid/39744

10.19.24 - CVE: Not Available
Platform: Cross Platform
Title: OneHTTPD Directory Traversal
Description: OneHTTPD is a minimalist web server available for multiple platforms. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory traversal strings from the URI. OneHTTPD version 0.6 is affected.
Ref: http://www.securityfocus.com/bid/39757

10.19.25 - CVE: CVE-2010-1166
Platform: Cross Platform
Title: X.Org X Server RENDER Extension "mod()" Remote Memory Corruption
Description: The X.Org X Windows server is an open source X Window System for UNIX, Linux and other variants. The X Server RENDER extension is exposed to a memory corruption issue because of a design flaw. An attacker can exploit this issue to execute arbitrary code with superuser privileges.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=582601

10.19.26 - CVE: CVE-2010-1438
Platform: Cross Platform
Title: WAFP Insecure Temporary File Creation
Description: WAFP (Web Application Finger Printer) is a ruby based application used to remotely determine the type and version of web applications. The application creates temporary files in an insecure manner. A local attacker could potentially perform symbolic link attacks, overwriting arbitrary files in the context of the affected application.
Ref: http://code.google.com/p/webapplicationfingerprinter/issues/detail?id=8

10.19.27 - CVE: Not Available
Platform: Cross Platform
Title: NIBE Heat Pump Web Interface "exec.cgi" Script Remote Code Execution
Description: The NIBE heat pump web interface is an HTTP interface for controlling NIBE heat pumps. The interface is exposed to a remote code execution issue because it does not sufficiently sanitize user-supplied data. Specifically, the "script" parameter of the "/cgi-bin/exec.cgi" script is affected.
Ref: http://h.ackack.net/?p=302

10.19.28 - CVE: Not Available
Platform: Cross Platform
Title: Memorial Web Site Script Insecure Cookie Authentication Bypass
Description: Memorial Web Site Script is an online memorial template. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Specifically, attackers can gain administrative access to the application by setting the "logged" cookie parameter to "admin".
Ref: http://www.securityfocus.com/bid/39772

10.19.29 - CVE: Not Available
Platform: Cross Platform
Title: Mini Web Server Cross-Site Scripting and Directory Traversal Vulnerabilities
Description: Mini Web Server is a small, Java-based web server. The application is exposed to a cross-site scripting issue and a directory traversal issue because it fails to sanitize user-supplied input. The cross-site scripting issue affects the web server application and can be exploited by issuing a crafted HTTP "GET" request for a URI starting with a character sequence of "%00". Mini Web Server version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/39780

10.19.30 - CVE: Not Available
Platform: Cross Platform
Title: Easy Icon Maker ".ico" File Buffer Overflow
Description: Easy Icon Maker is a utility for making and editing icons. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when the application parses a specially crafted ".ico" file.
Ref: http://www.securityfocus.com/bid/39792

10.19.31 - CVE: Not Available
Platform: Cross Platform
Title: Apple Safari CSS "img" Data Remote Denial of Service
Description: Apple Safari is a web browser. Apple Safari is exposed to a remote denial of service issue. Specifically, the application crashes when processing a HTML document containing crafted CSS data associated with the "img" HTML tag. Safari version 4.0.3 for Windows is affected.
Ref: http://www.exploit-db.com/exploits/12457

10.19.32 - CVE: Not Available
Platform: Cross Platform
Title: Google Chrome HTTP Request multiple vulnerabilities
Description: Google Chrome is a web browser for multiple platforms. The browser is exposed to multiple issues. A memory-corruption vulnerability affects V8 bindings. An unspecified security issue may allow a malicious site to load with the privileges of the "New Tab" page. An unspecified issue exists related to a type confusion error with forms. An unspecified security issue exists related to an HTTP request error. Google Chrome versions prior to 4.1.249.1059 are affected.
Ref: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.ht
ml

10.19.33 - CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Google URL Cross-Domain Security Bypass
Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to a memory corruption issue that occurs when handling HTML5 media and a cross-domain security bypass issue that affects the Google URL (GURL). Google Chrome versions prior to Chrome 4.1.249.1064 are affected.
Ref: http://googlechromereleases.blogspot.com/2010/04/stable-update-bug-and-security-
fixes.html

10.19.34 - CVE: Not Available
Platform: Cross Platform
Title: Internet Download Manager FTP Buffer Overflow
Description: Internet Download Manager (IDM) is an application designed to increase the speed of downloading files from remote sites. It runs on Microsoft Windows. IDM is exposed to a buffer overflow issue because it fails to sufficiently sanitize user-supplied input. The issue occurs when sending certain test sequences to an FTP server. IDM version 5.18 is affected.
Ref: http://www.securityfocus.com/bid/39822

10.19.35 - CVE: CVE-2010-0772
Platform: Cross Platform
Title: IBM WebSphere MQ Unspecified Channel Control Data Remote Denial Of Service
Description: IBM WebSphere MQ is a commercially available messaging engine for enterprises. IBM WebSphere MQ is exposed to a remote denial of service issue that can be triggered by sending specially crafted channel control data from clients. WebSphere MQ versions prior to 7.0.1.2 are affected.
Ref: http://www-01.ibm.com/software/integration/wmq/

10.19.36 - CVE: Not Available
Platform: Cross Platform
Title: 68designs 68kb Multiple Remote File Include Vulnerabilities
Description: 68designs 68kb is a PHP-based online knowledge base script. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/39845

10.19.37 - CVE: CVE-2010-1279
Platform: Cross Platform
Title: Adobe Photoshop TIFF Handling Multiple Unspecified Security Vulnerabilities
Description: Adobe Photoshop is an application that allows users to view and edit various graphic formats. Adobe Photoshop is exposed to multiple unspecified vulnerabilities when handling specially crafted TIFF files. Photoshop versions prior to CS4 11.0.1 are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-10.html

10.19.38 - CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser Asynchronous Document Modifications Remote Code Execution
Description: Opera Web Browser is a browser that runs on multiple operating systems. The browser is exposed to a remote code execution issue. Versions prior to Opera 10.53 for Windows and Mac OS are affected.
Ref: http://www.opera.com/support/kb/view/953/

10.19.39 - CVE: Not Available
Platform: Cross Platform
Title: Woltlab Burning Board Arbitrary File Upload
Description: Woltlab Burning Board is an open source web forum. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize file extensions before uploading avatars to the web server. Burning Board Lite version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/39863

10.19.40 - CVE: Not Available
Platform: Cross Platform
Title: Acritum Femitter Server 1.03 Multiple Remote Vulnerabilities
Description: Acritum Femitter Server is an HTTP server. Acritum Femitter Server is exposed to multiple remote issues. An arbitrary file download issue occurs because the application fails to sanitize "." characters from the URI. A directory traversal issue occurs because the application fails to properly sanitize directory traversal strings ('../..'). An authentication bypass issue occurs because the application allows unauthorized users to download files when the "404 doesn't exist" option is enabled. An arbitrary file upload issue occurs because the application fails to properly sanitize file extensions before uploading files on to the web server. Acritum Femitter Server version 1.03 is affected.
Ref: http://www.securityfocus.com/bid/39868

10.19.41 - CVE: Not Available
Platform: Cross Platform
Title: PHP "php_dechunk()" HTTP Chunked Encoding Integer Overflow
Description: PHP is a general purpose scripting language that is suited for web development. PHP is exposed to a remote integer overflow issue because it fails to properly process chunk-encoded HTTP responses. This issue is caused by an error in the "php_dechunk()" function in the "ext/standard/filters.c" source file. PHP versions 5.3.0 through 5.3.2 are affected.
Ref: http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-compa
rison-vulnerability/index.html

10.19.42 - CVE: Not Available
Platform: Cross Platform
Title: Password Manager Daemon (pwmd) Binary Key File Insecure Encryption
Description: Password Manager Daemon (pwmd) is a socket driven application that provides encrypted credentials for multiple applications. The application is exposed to an issue that may allow attackers to obtain sensitive data. Password Manager Daemon (pwmd) versions prior to 2.14 are affected.
Ref: http://benkibbey.wordpress.com/category/pwmd/

10.19.43 - CVE: Not Available
Platform: Cross Platform
Title: RealVNC 4.1.3 "ClientCutText" Message Remote Denial of Service
Description: RealVNC (Virtual Network Computing) allows users to access remote computers for administration purposes. RealVNC is exposed to a remote denial of service issue. RealVNC version 4.1.3 is affected.
Ref: http://www.securityfocus.com/bid/39895

10.19.44 - CVE: Not Available
Platform: Cross Platform
Title: Beyond Compare ZIP Archive Stack Buffer Overflow
Description: Beyond Compare is a file and directory comparison application available for Microsoft Windows and Linux. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Beyond Compare version 3.0.19 b9599 is affected.
Ref: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-36-bey
ond-compare-zip-bof/

10.19.45 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ProArcadeScript "search.php" Cross-Site Scripting
Description: ProArcadeScript is a PHP-based script for arcade sites. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "searchstr" parameter of the "search.php" script.
Ref: http://www.securityfocus.com/bid/39749

10.19.46 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Custom CMS Gaming Arbitrary File Upload and Cross-Site Scripting Vulnerabilities
Description: Custom CMS Gaming is a web-based content manager for gaming. It is implemented in PHP. The application is exposed to multiple issues. 1) An issue allows attackers to upload and execute arbitrary PHP code. 2) A cross-site scripting issue occurs because the application fails to sufficiently sanitize user-supplied input to the "url" parameter of the "sendtofriend.php" script. Custom CMS Gaming version 4.5.8.2 is affected.
Ref: http://www.securityfocus.com/bid/39753

10.19.47 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Apache ActiveMQ "admin/queueBrowse" Cross-Site Scripting
Description: Apache ActiveMQ is a Message Broker and Enterprise Integration Patterns provider. It is implemented in Java and available for a number of platforms. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue affects the "feedType" parameter of scripts in the "admin/queueBrowse" directory. ActiveMQ versions 5.3.0 and 5.3.1 are affected.
Ref: http://www.securityfocus.com/bid/39771

10.19.48 - CVE: CVE-2010-081712.0.0.6421 is affected.
Platform: Web Application - Cross Site Scripting
Title: Microsoft SharePoint Server 2007 "_layouts/help.aspx" Cross- Site Scripting
Description: Microsoft SharePoint is an integrated server application providing content management and search capabilities. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "cid0" parameter of the "_layouts/help.aspx" script. SharePoint Server 2007 version
Ref: http://www.securityfocus.com/archive/1/511021

10.19.49 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mango Blog "archives.cfm/search" Cross-Site Scripting
Description: Mango Blog is a web-based application implemented in ColdFusion. Mango Blog is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "term" parameter in the "archives.cfm/search/" script. Mango Blog versions prior to 1.4.2 are affected.
Ref: http://www.securityfocus.com/archive/1/511086

10.19.50 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: LXR Cross Referencer "title" Parameter Cross-Site Scripting issue
Description: LXR Cross Referencer is a web-based general purpose source code indexer and cross-referencer. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "title" parameter. Versions prior LXR Cross Referencer 0.98 are affected.
Ref: http://www.securityfocus.com/bid/39865/references

10.19.51 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Geeklog Forum Plugin Anonymous Usernames Cross-Site Scripting
Description: Forum is a plugin for Geeklog. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to an anonymous usernames parameter of the "createtopic.php" script. Forum version 2.7.3 is affected.
Ref: http://www.geeklog.net/article.php/forum-2.7.3

10.19.52 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Torrent Hoster "forgot_password.php" Cross-Site Scripting
Description: Torrent Hoster is a web-based application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "forgot_password.php" script.
Ref: http://www.securityfocus.com/bid/39889

10.19.53 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ecoCMS "admin.php" Cross-Site Scripting
Description: ecoCMS is a content management system implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "p" parameter of the "admin.php" script. ecoCMS version 18.04.2010 is affected.
Ref: http://www.securityfocus.com/archive/1/511117

10.19.54 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: eliteCMS "page" Parameter Cross-Site Scripting
Description: eliteCMS is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "page" parameter of the "admin/edit_page.php" script. eliteCMS version 1.0.1 is affected.
Ref: http://www.securityfocus.com/archive/1/511116

10.19.55 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ThinkPHP "index.php" Cross-Site Scripting
Description: ThinkPHP is a web-based application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "s" parameter of the "index.php" script. ThinkPHP version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/39909

10.19.56 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: ZABBIX "nav_time" Parameter SQL Injection
Description: ZABBIX is an IT monitoring system available for multiple operating platforms. ZABBIX is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "nav_time" parameter of the "events.php" script. ZABBIX versions 1.8.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/39752

10.19.57 - CVE: CVE-2010-1463
Platform: Web Application - SQL Injection
Title: WebAsyst Shop-Script FREE Multiple SQL Injection Vulnerabilities
Description: WebAsyst Shop-Script FREE is a PHP-based shopping cart script. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/39766

10.19.58 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Rocky.nu Modelbook "casting_view.php" SQL Injection
Description: Rocky.nu Modelbook is a PHP-based web community script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "adnum" parameter of the "casting_view.php" script.
Ref: http://www.securityfocus.com/bid/39788

10.19.59 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: GeneShop "folder" Parameter SQL Injection
Description: GeneShop is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "folder" parameter of the "browse.php" script before using it in an SQL query. GeneShop version 5.1.1 is affected.
Ref: http://www.securityfocus.com/bid/39790

10.19.60 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Rocky.nu PHP Video Battle "browse.html" SQL Injection
Description: Rocky.nu PHP Video Battle is an HTML system used to compare online videos. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cat" parameter of the "browse.html" script.
Ref: http://www.securityfocus.com/bid/39791

10.19.61 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: TaskFreak! Tirzen Framework "LoadByKey()" SQL Injection
Description: TaskFreak! is a web-based task manager. TaskFreak! is exposed to an SQL injection issue that exists in the Tirzen Framework. Specifically, the application fails to sanitize user-supplied input to the "loadByKey()" function of the "zn_mysql.php" script. TaskFreak! version 0.6.2 is affected.
Ref: http://www.madirish.net/?article=456

10.19.62 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: iScripts VisualCaster "playVideo.php" SQL Injection
Description: iScripts VisualCaster is a PHP-based video hosting script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "product_id" parameter of the "playVideo.php" script.
Ref: http://www.securityfocus.com/bid/39795

10.19.63 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Your Articles Directory Login Option SQL Injection
Description: Your Articles Directory is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the login options field before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/39796

10.19.64 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tele Data's Contact Management Server "username" Parameter SQL Injection
Description: Tele Data's Contact Management Server is a custom designed HTTP server. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter before using it in an SQL query. Tele Data's Contact Management Server version 0.9 is affected.
Ref: http://www.securityfocus.com/bid/39799

10.19.65 - CVE: CVE-2010-1269, CVE-2010-1270
Platform: Web Application - SQL Injection
Title: Multi Auktions Komplett System "auktion_text.php" SQL Injection
Description: Multi Auktions Komplett System is a PHP-based online shopping application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_auk" parameter of the "auction_txt.php" script before using it in an SQL query. Multi Auktions Komplett System version 2 is affected.
Ref: http://www.securityfocus.com/bid/39805

10.19.66 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: 68KB "search.php" Search Function SQL Injection
Description: 68KB is a PHP-based knowledge base application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the search function before using it in an SQL query. 68KB version 1.0.0rc4 is affected.
Ref: http://github.com/68designs/68KB/commit/24cb1978e933fabf14549b943d4bb2c05c9552f0

10.19.67 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: JobPost "iType" Parameter SQL Injection
Description: JobPost is a job board application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "iType" parameter of the "type.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/39831

10.19.68 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: 4xcms "login.php" Multiple SQL Injection Vulnerabilities
Description: 4xcms is a PHP-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "User" and "Pass" fields of the "login.php" script. 4xcms r26 is affected.
Ref: http://www.securityfocus.com/bid/39840

10.19.69 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Event Horizon Multiple SQL Injection Vulnerabilities
Description: Event Horizon is a file transfer application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts: "downloadfiles.php", "uploadfiles.php" and "sendfile.php". Event Horizon versions prior to 1.1.10 are affected.
Ref: http://freshmeat.net/projects/eventh/releases/311485

10.19.70 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: WHMCS "id" Parameter SQL Injection
Description: WHMCS (WHM Complete Solution) is a PHP-based application for billing and managing clients. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "announcements.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/39859

10.19.71 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: GuppY "lng" Parameter SQL Injection
Description: GuppY is Web portal software implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lng" parameter of the "newsletter.php" script before using it in an SQL query. GuppY version 4.5.18 is affected.
Ref: http://www.securityfocus.com/bid/39860

10.19.72 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Comersus Cart 8 SQL Injection
Description: Comersus Cart is an e-commerce shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query while authenticating users. Comersus Cart version 8 is affected.
Ref: http://www.securityfocus.com/bid/39861

10.19.73 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Campsite "article_id" Parameter SQL Injection
Description: CampSite is an online publishing tool implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "article_id" parameter of the "javascript/tinymce/plugins/campsiteattachment/attachments.php" script before using it in an SQL query. Campsite versions 3.2 through 3.3.5 are affected.
Ref: http://www.securityfocus.com/bid/39862

10.19.74 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Billwerx "primary_number" Parameter SQL Injection
Description: Billwerx is a billing application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "primary_number" parameter of the "request_account.php" script before using it in an SQL query. Billwerx version RC5.2.2 PL2 is affected.
Ref: http://www.securityfocus.com/bid/39867/info

10.19.75 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: IslamSound Multiple Remote SQL Injection Vulnerabilities
Description: IslamSound is a web-based application implemented in PHP. IslamSound is exposed to multiple remote SQL injection issues because the application fails to properly validate user-supplied input before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/39880

10.19.76 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Phenix Multiple SQL Injection Vulnerabilities
Description: Phenix is a PHP-based calendar application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the following scripts and parameters: "agenda_profil.php": "idUser" and "agenda_titre.php": "moisEnCours". Phenix version 3.5b is affected.
Ref: http://www.securityfocus.com/bid/39893

10.19.77 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: ClanSphere Multiple SQL Injection Vulnerabilities
Description: ClanSphere is a PHP-based calendar application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. The issues affect the captcha generator and MySQL driver. ClanSphere versions 2009.0.3 and earlier are affected.
Ref: http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic
-sql-injection-vulnerability/index.html

10.19.78 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: SamaGraph CMS "inside.aspx" SQL Injection Vulnerability
Description: SamaGraph CMS is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "g" parameter of the "inside.aspx" script.
Ref: http://www.securityfocus.com/bid/39892

10.19.79 - CVE: CVE-2010-0964
Platform: Web Application - SQL Injection
Title: Eros Webkatalog "start.php" SQL Injection
Description: Eros Webkatalog is a PHP-based web catalog. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "start.php" script when the "go" parameter is set to "rubrik" before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/39899

10.19.80 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: wsCMS "news.php" SQL Injection
Description: wsCMS is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "news.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/39903

10.19.81 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: eZoneScripts Apartment Search Script "listtest.php" SQL Injection
Description: eZoneScripts Apartment Search Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "r" parameter of the "productdemos/ApartmentSearch/listtest.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/39905

10.19.82 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: eZoneScripts Apartment Search and Classified Ultra Login Multiple SQL Injection
Description: eZoneScripts Apartment Search Script and Classified Ultra Script are PHP-based web applications. These applications are exposed to multiple SQL injection issue because they fail to sufficiently sanitize user-supplied input to the "User" and "Pass" parameters in an SQL query.
Ref: http://www.securityfocus.com/bid/39911

10.19.83 - CVE: Not Available
Platform: Web Application
Title: SmartBlog SQL Injection and Cross-Site Scripting Vulnerabilities
Description: SmartBlog is a PHP-based web-log application. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "id" field of the "commentaire.php" script before using it in an SQL query. SmartBlog version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/39756

10.19.84 - CVE: Not Available
Platform: Web Application
Title: Zyke CMS "admin/controlpanel.php" Arbitrary File Upload
Description: Zyke CMS is a content management system. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied files uploaded via the "admin/controlpanel.php" script. Zyke CMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/39761

10.19.85 - CVE: Not Available
Platform: Web Application
Title: Zyke CMS Multiple Administrative Scripts Authentication Bypass Vulnerabilities
Description: Zyke CMS is a content management system implemented in PHP. The application is exposed to multiple authentication bypass issues because it fails to perform adequate authentication checks. Specifically, the application fails to restrict access to the "admin/home.php" and "admin/generalsettings.php" administrative scripts. Zyke CMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/39765

10.19.86 - CVE: Not Available
Platform: Web Application
Title: Drupal Decisions Module Node Listing Security Bypass
Description: Decisions is a module for the Drupal content manager. It provides voting systems and decision making tools. The module is exposed to a security bypass issue because it fails to properly respect node access restrictions. Decisions versions prior to 5.x-1.2 and 6.x-1.7 are affected.
Ref: http://drupal.org/node/784446

10.19.87 - CVE: Not Available
Platform: Web Application
Title: LaNewsFactory Multiple Input Validation Vulnerabilities
Description: LaNewsFactory is a PHP web news and forums engine. The application is exposed to the multiple issues. Multiple unspecified local file include issues because it fails to adequately sanitize user-supplied input. An arbitrary file overwrite issue that may allow remote attackers to overwrite arbitrary local files. An open-email-relay issue which may allow an attacker to send arbitrary emails through the "mailto.php" script. LaNewsFactory version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/39775

10.19.88 - CVE: Not Available
Platform: Web Application
Title: Drupal Privatemsg Module Notification Template Settings Security Bypass
Description: Privatemsg is a module for the Drupal content manager that allows users to send private messages. Privatemsg contains a sub-module, "Email Notification", which emails users when private messages are sent. The module is exposed to a security bypass issue because it fails to properly respect access restrictions. Privatemsg versions prior to 6.x-1.2 are affected.
Ref: http://drupal.org/node/784602

10.19.89 - CVE: Not Available
Platform: Web Application
Title: velBox Insecure Cookie Authentication Bypass
Description: velBox is a web-based application implemented in PHP. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Specifically, attackers can gain administrative access to the application by setting the "login_admin" cookie parameter to "true", and the "path" parameter to "/". velBox version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/39778

10.19.90 - CVE: Not Available
Platform: Web Application
Title: WM Downloader ".asx" File Remote Stack Buffer Overflow
Description: WM Downloader is a file download management application. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".asx" file. WM Downloader version 3.0.0.9 is affected.
Ref: http://www.securityfocus.com/bid/39781

10.19.91 - CVE: Not Available
Platform: Web Application
Title: deV!L'z Clanportal Multiple Remote File Include Vulnerabilities
Description: deV!L'z Clanportal is a PHP-based web portal application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. deV!L'z Clanportal version 1.5.3 is affected.
Ref: http://www.securityfocus.com/bid/39784

10.19.92 - CVE: Not Available
Platform: Web Application
Title: deV!L'z Clanportal "thumbgen.php" Local File Disclosure
Description: deV!L'z Clanportal is a PHP-based web portal application. The application is exposed to a local file disclosure issue that affects the "img" parameter of the "thumbgen.php" script. deV!Lz Clanportal version 1.5.3 is affected.
Ref: http://www.securityfocus.com/bid/39785

10.19.93 - CVE: Not Available
Platform: Web Application
Title: Tr Forum SQL Injection and Cross-Site Scripting Vulnerabilities
Description: Tr Forum is a PHP-based forum application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. A cross-site scripting issue affects the "id" parameter of the "repondre.php" script, and an SQL injection issue that affects the "page" parameter of the "index.php" script. Tr Forum version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/39786

10.19.94 - CVE: Not Available
Platform: Web Application
Title: iScripts SocialWare Arbitrary File Upload and Cross-Site Scripting Vulnerabilities
Description: iScripts SocialWare is a web-based social networking application. The application is exposed to multiple issues. An issue allows attackers to upload and execute arbitrary PHP code. A cross-site scripting issue occurs because the application fails to sufficiently sanitize user-supplied input to the search field of the "album.php" script. iScripts SocialWare version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/39787

10.19.95 - CVE: Not Available
Platform: Web Application
Title: OXID eShop HTML Injection and Session Fixation Vulnerabilities
Description: OXID eShop is a PHP-based shopping cart application. The application is exposed to multiple issues. A session fixation issue because of an error in how the admin panel handles sessions. An HTLM-injection issue because it fails to sufficiently sanitize user-supplied input. OXID eShop Professional, Community, and Enterprise versions prior to 4.3.0 are affected.
Ref: http://wiki.oxidforge.org/Security_bulletins/2010-001

10.19.96 - CVE: Not Available
Platform: Web Application
Title: KimsQ Multiple Remote File Include Vulnerabilities
Description: KimsQ is a content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. KimsQ version 040109 is affected.
Ref: http://www.securityfocus.com/bid/39800

10.19.97 - CVE: Not Available
Platform: Web Application
Title: React Forum "index.php" Local File Include
Description: React Forum is a PHP-based online forum software. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "action" parameter of the "list_message/index.php" script.
Ref: http://www.securityfocus.com/bid/39803

10.19.98 - CVE: Not Available
Platform: Web Application
Title: TSOKA CMS "id" Parameter SQL Injection and Cross-Site Scripting Vulnerabilities
Description: TSOKA CMS is content management system implemented in PHP. The application is exposed to input validation issues because it fails to sufficiently sanitize user-supplied data. Specifically, these issues affect the "id" parameter of an unspecified script. TSOKA CMS versions 1.1, 1.9 and 2.0 are affected.
Ref: http://www.securityfocus.com/bid/39815

10.19.99 - CVE: Not Available
Platform: Web Application
Title: osCommerce Local File Include and HTML Injection Vulnerabilities
Description: osCommerce is a PHP-based ecommerce application. The application is exposed to multiple input validation issues. A local file include issue affects the "module" parameter of the "includes/applications/services/pages/uninstall.php" script. An HTML injection issue affects the "Front" field in the "products.php" page. osCommerce version 3.0a5 is affected.
Ref: http://ictsec.wordpress.com/exploits/oscommerce-v3-0a5-multiple-vulnerabilities/

10.19.100 - CVE: Not Available
Platform: Web Application
Title: chCounter "visitor_details.php" Input Validation
Description: chCounter is a PHP-based visitor counter application. The application is exposed to an issue that may allow an attacker to inject malicious HTML or SQL because it fails to properly sanitize user-supplied data to the "wert" field in the "chc_pages" table of "administrator/visitor_details.php". chCounter version 3.1.1 is affected.
Ref: http://www.securityfocus.com/bid/39824

10.19.101 - CVE: Not Available
Platform: Web Application
Title: tpop3d Remote Denial of Service
Description: tpop3d is a POP3 server for Unix based systems. The application is exposed to a remote denial of service issue because it fails to properly handle exceptional user-supplied input. tpop3d version 1.5.3 is affected.
Ref: http://www.securityfocus.com/bid/39838

10.19.102 - CVE: Not Available
Platform: Web Application
Title: Fw-BofF Local and Remote File Include Vulnerabilities
Description: Fw-BofF is a web-based application. The application is exposed to multiple input validation issues. A local file include issue affects the "configDBchoice" parameter of the "core/database.php" script, and a remote file include issue affects the "configRootDir" parameter of the "core/dispatcher.php" script. Fw-BofF version 1.5.3beta is affected.
Ref: http://www.securityfocus.com/bid/39847

10.19.103 - CVE: Not Available
Platform: Web Application
Title: notsopureedit "template.php" Remote File Include
Description: notsopureedit is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "content" parameter of the "templates/template.php" script. notsopureedit version 1.4.1 is affected.
Ref: http://www.securityfocus.com/bid/39853

10.19.104 - CVE: Not Available
Platform: Web Application
Title: DBHcms Cross-Site Scripting and HTML Injection Vulnerabilities
Description: DBHcms is a PHP-based content management application. Since DBHcms fails to properly sanitize user-supplied input before using it in dynamically generated content, it is exposed to multiple issues. A cross-site scripting issue affects the "searchString" parameter of an unknown script, and HTML injection issues affect parameters when posting to the guest-book feature. DBHcms version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/39866

10.19.105 - CVE: Not Available
Platform: Web Application
Title: CF Image Hosting Script "upload.php" Arbitrary File Upload
Description: CF Image Hosting Script is a PHP-based online image hosting script application. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input to the "upload.php" script. CF Image Hosting Script version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/39870

10.19.106 - CVE: Not Available
Platform: Web Application
Title: NolaPro Enterprise Cross-Site Scripting and SQL Injection Vulnerabilities
Description: NolaPro Enterprise is a PHP-based business management application. The application is exposed to multiple issues because it fails to sanitize user-supplied input. NolaPro Enterprise version 4.0.5538 is affected.
Ref: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-035-no
lapro-enterprise-4-0-5538-multiple-vulnerabilities/

10.19.107 - CVE: Not Available
Platform: Web Application
Title: openMairie openCimetiere "path_om" Parameter Multiple Remote File Include
Description: openMairie openCimetiere is a web-based management application. The application is exposed to multiple remote file include issues because the application fails to sufficiently sanitize user-supplied input to the "path_om" parameter. openCimetiere version 2.01 is affected.
Ref: http://www.securityfocus.com/bid/39883

10.19.108 - CVE: Not Available
Platform: Web Application
Title: Duhok Forum "index.php" HTML Injection
Description: Duhok Forum is a PHP-based online forum application. Duhok Forum is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input to the "index.php" script when a new post is submitted. Duhok Forum version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/39884

10.19.109 - CVE: Not Available
Platform: Web Application
Title: openMairie openCatalogue "dsn[phptype]" Parameter Local File Include
Description: openMairie openCatalogue is a PHP-based web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "dsn[phptype]" parameter of the "soustab.php" script. openMairie openCatalogue version 1.024 is affected.
Ref: http://www.securityfocus.com/bid/39886/references

10.19.110 - CVE: Not Available
Platform: Web Application
Title: openMairie openAnnuaire Local and Remote File Include Vulnerabilities
Description: openMairie openAnnuaire is a web-based phone directory application. The application is exposed to multiple input validation issues. A local file include issue affects the "dsn[phptype]" parameter of the "scr/soustab.php" script. Multiple remote file include issues affect the "path_om" parameter. openMairie openAnnuaire version 2.00 is affected.
Ref: http://www.securityfocus.com/bid/39887

10.19.111 - CVE: Not Available
Platform: Web Application
Title: CH-CMS.ch Multiple Arbitrary File Upload
Description: CH-CMS.ch is a PHP-based content management system. The application is exposed to multiple arbitrary file upload issue because it fails to properly sanitize user-supplied input to the scripts "Final/login/ava_up1.php" and the "Final/login/ava_up12.php". CH-CMS.ch version 2 is affected.
Ref: http://www.securityfocus.com/bid/39888

10.19.112 - CVE: Not Available
Platform: Web Application
Title: Gallo "gfw_smarty.php" Remote File Include
Description: Gallo is a web-based application implemented in PHP. The application is exposed to a remote file include issue. Gallo version 0.1.0 is affected.
Ref: http://www.securityfocus.com/bid/39890

10.19.113 - CVE: Not Available
Platform: Web Application
Title: Tr Forum SQL Injection and Cross-Site Scripting
Description: Tr Forum is a PHP-based forum application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. Tr Forum version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/39786

10.19.114 - CVE: Not Available
Platform: Web Application
Title: eZoneScripts Multiple Scripts Insecure Cookie Authentication Bypass
Description: eZoneScripts Banner Exchange Website, Adult Banner Exchange Website, Apartment Search Script, phpMiniSite Script, and Classified Ultra Script are PHP-based web applications. These applications are exposed to an authentication bypass issue because they fail to adequately verify user-supplied input used for cookie based authentication.
Ref: http://www.ezonescripts.com/scripts/sls/phpminisite.php

10.19.115 - CVE: Not Available
Platform: Web Application
Title: MOJO IWMS Multiple Vulnerabilities
Description: MOJO IWMS is an integrated content management application. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "file_id" parameter of the "downloader.asp" script before using it in an SQL query. The application is also exposed to a cross-site scripting issue that affects the "ERRMSG" parameter of the "upload/default.asp" script. MOJO IWMS version 7 is affected.
Ref: http://www.securityfocus.com/bid/39916

10.19.116 - CVE: Not Available
Platform: Web Application
Title: FlexAppsStore Flex MySQL Connector Unauthorized Access
Description: Flex MySQL Connector is a web application implemented in PHP. The application is exposed to an unauthorized access issue that allows attackers to run arbitrary SQL commands.
Ref: http://www.hack0wn.com/view.php?xroot=421.0&cat=exploits

10.19.117 - CVE: CVE-2010-1043
Platform: Web Application
Title: JaxCMS "index.php" Local File Include
Description: JaxCMS is a PHP-based content management system. The application is exposed to a local file include issue because it fails to properly sanitize user supplied input to the "p" parameter of the "index.php" script. JaxCMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/39920

10.19.118 - CVE: Not Available
Platform: Network Device
Title: NIBE Heat Pump "read.cgi" Local File Include
Description: NIBE Heat Pumps are domestic heating devices. The devices may be controlled by a web interface. The Heat Pump is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "cgi-bin/read.cgi" script.
Ref: http://www.securityfocus.com/bid/39759

10.19.119 - CVE: Not Available
Platform: Network Device
Title: ZKSoftware "ZK5000" Remote Information Disclosure
Description: ZKSoftware ZK5000 is a finger print scanner. The ZKSoftware ZK5000 is exposed to an information disclosure issue. Specifically, sensitive information can be obtained from the ZK5000 fingerprint scanner using e-TimeTrack software or by sending specially crafted UDP packets to the device.
Ref: http://packetstormsecurity.org/1003-exploits/zksoftware-dump.txt

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

Check Them Out!

Excellent, relevant, immediately useful information. I can't wait to get back to the office to try it out.
-Steve Zehl, USGS

@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 19
May 6, 2010

Summary of the vulnerabilities reported this week:

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Other Microsoft Products

Third Party Windows Apps

Linux

BSD

Cross Platform

Web Application - Cross Site Scripting

Web Application - SQL Injection

Web Application

Network Device

PART I Critical Vulnerabilities

Widely Deployed Software

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 19, 2010

Check Them Out!

Latest Whitepapers

Latest Tweets

Contact Us

@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 19May 6, 2010

Current Newsletters

Summary of the vulnerabilities reported this week:

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Other Microsoft Products

Third Party Windows Apps

Linux

BSD

Cross Platform

Web Application - Cross Site Scripting

Web Application - SQL Injection

Web Application

Network Device

PART I Critical Vulnerabilities

Widely Deployed Software

Part II: Weekly Comprehensive List of Newly Discovered VulnerabilitiesWeek 19, 2010

Check Them Out!

Latest Whitepapers

Latest Tweets

Contact Us

Volume: IX, Issue: 19
May 6, 2010

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 19, 2010